From 5cd765a382f1b91348dc5f6df60ed3ca527bc2a5 Mon Sep 17 00:00:00 2001 From: Han-Wen Nienhuys Date: Tue, 24 Apr 2018 18:26:56 +0200 Subject: [PATCH] Make zip generation (more) reproducible The 'touch' command uses the system default timezone if none is supplied. This makes zip files dependent on the timezone of the generating machine. Zip by default stores extended attributes (eg. ctime, atime) on Unix systems. These can be further sources of non-determinism, so switch it off with --no-extra Change-Id: I7e102be7368ef339cbaf47524b90688c32a09238 --- polygerrit-ui/app/BUILD | 2 ++ tools/bzl/javadoc.bzl | 4 +++- tools/bzl/js.bzl | 12 +++++++++--- tools/bzl/pkg_war.bzl | 4 +++- 4 files changed, 17 insertions(+), 5 deletions(-) diff --git a/polygerrit-ui/app/BUILD b/polygerrit-ui/app/BUILD index 5b3085623c..c7357462e2 100644 --- a/polygerrit-ui/app/BUILD +++ b/polygerrit-ui/app/BUILD @@ -65,6 +65,8 @@ genrule2( ("tar -hcf- $(locations :pg_code) |" + " tar --strip-components=2 -C $$TMP/ -xf-"), "cd $$TMP", + "TZ=UTC", + "export TZ", "find . -exec touch -t 198001010000 '{}' ';'", "zip -rq $$ROOT/$@ *", ]), diff --git a/tools/bzl/javadoc.bzl b/tools/bzl/javadoc.bzl index 97f291b118..f49c8815d7 100644 --- a/tools/bzl/javadoc.bzl +++ b/tools/bzl/javadoc.bzl @@ -28,6 +28,8 @@ def _impl(ctx): source = ctx.outputs.zip.path + ".source" external_docs = ["http://docs.oracle.com/javase/8/docs/api"] + ctx.attr.external_docs cmd = [ + "TZ=UTC", + "export TZ", "rm -rf %s" % source, "mkdir %s" % source, " && ".join(["unzip -qud %s %s" % (source, j.path) for j in source_jars]), @@ -50,7 +52,7 @@ def _impl(ctx): ":".join(transitive_jar_paths), "-d %s" % dir]), "find %s -exec touch -t 198001010000 '{}' ';'" % dir, - "(cd %s && zip -qr ../%s *)" % (dir, ctx.outputs.zip.basename), + "(cd %s && zip -Xqr ../%s *)" % (dir, ctx.outputs.zip.basename), ] ctx.actions.run_shell( inputs = list(transitive_jar_set) + list(source_jars) + ctx.files._jdk, diff --git a/tools/bzl/js.bzl b/tools/bzl/js.bzl index 945b8e17e9..2796f64257 100644 --- a/tools/bzl/js.bzl +++ b/tools/bzl/js.bzl @@ -75,13 +75,15 @@ def _bower_archive(ctx): _bash(ctx, " && " .join([ "TMP=$(mktemp -d || mktemp -d -t bazel-tmp)", + "TZ=UTC", + "export UTC", "cd $TMP", "mkdir bower_components", "cd bower_components", "unzip %s" % ctx.path(download_name), "cd ..", "find . -exec touch -t 198001010000 '{}' ';'", - "zip -r %s bower_components" % renamed_name, + "zip -Xr %s bower_components" % renamed_name, "cd ..", "rm -rf ${TMP}", ])) @@ -153,11 +155,13 @@ def _js_component(ctx): name = name[:-4] dest = "%s/%s" % (dir, name) cmd = " && ".join([ + "TZ=UTC", + "export TZ", "mkdir -p %s" % dest, "cp %s %s/" % (' '.join([s.path for s in ctx.files.srcs]), dest), "cd %s" % dir, "find . -exec touch -t 198001010000 '{}' ';'", - "zip -qr ../%s *" % ctx.outputs.zip.basename + "zip -Xqr ../%s *" % ctx.outputs.zip.basename ]) ctx.actions.run_shell( @@ -232,13 +236,15 @@ def _bower_component_bundle_impl(ctx): outputs=[out_zip], command=" && ".join([ "p=$PWD", + "TZ=UTC", + "export TZ", "rm -rf %s.dir" % out_zip.path, "mkdir -p %s.dir/bower_components" % out_zip.path, "cd %s.dir/bower_components" % out_zip.path, "for z in %s; do unzip -q $p/$z ; done" % " ".join(sorted([z.path for z in zips])), "cd ..", "find . -exec touch -t 198001010000 '{}' ';'", - "zip -qr $p/%s bower_components/*" % out_zip.path, + "zip -Xqr $p/%s bower_components/*" % out_zip.path, ]), mnemonic="BowerCombine") diff --git a/tools/bzl/pkg_war.bzl b/tools/bzl/pkg_war.bzl index a8ccbee39c..d6a4c7816e 100644 --- a/tools/bzl/pkg_war.bzl +++ b/tools/bzl/pkg_war.bzl @@ -55,9 +55,11 @@ def _add_file(in_file, output): def _make_war(input_dir, output): return '(%s)' % ' && '.join([ 'root=$(pwd)', + 'TZ=UTC', + 'export TZ', 'cd %s' % input_dir, "find . -exec touch -t 198001010000 '{}' ';' 2> /dev/null", - 'zip -9qr ${root}/%s .' % (output.path), + 'zip -X -9qr ${root}/%s .' % (output.path), ]) def _war_impl(ctx):